Unable to access live camera stream using Public IP

[Sarveshltts]

Hi ,

We tried running the application in AWS environment and we have enabled all the ports in security rules.
We are able to ping our elastic ip from inside the vm also.

But when we try to start live streaming from our personal laptop using this elastic ip, it does not work.
When we try running the same using private ip of vm or localhost from browser of AWS VM , it works fine.

Regards,

[xwu2intel]

Sorry. What IP address did you expose? You should not expose the elastic IP.
What you need to expose is the web service IP: https://github.com/OpenVisualCloud/Smart-City-Sample/blob/master/deployment/kubernetes/yaml/cloud-web.yaml.m4#L17.
Make HOSTIP your public IP address.

[tarun28jain]

We tried what was mentioned for external-ip on kubernetes but now even UI is not loading for our AWS instance by using elastic or private ip.

When using the application using docker-swarm over an aws instance with Private Ip as 1.1.1.1(suppose) and elastic ip as 2.2.2.2(suppose)

Scenario1:

Accessing UI at 1.1.1.1
UI is working fine from browser over our laptop and the live camera videos are playing fine when we click on camera icons on the map.

Scenario2:

When accessing UI using 2.2.2.2(elastic ip)
UI is working fine from browser over our laptop.
But when we click on camera icon on the map, live streaming video is not loading

Our understanding

The ideal flow of the code should be that it should first call the api/search to get all the sensor details then the seson id is being passed to api/sensor to get stream and room id and these data are being passed to api/token which sends the token which is being passed to the OWT's join method to socket.io calls but when running on elastic IP for socket.io calls we are not able to get the remotestream so there is no mediastream to be published to the src object of the video, basically the wss call is not getting any message to show live stream.
Our webrtc api calls are returning 200 OK but we are not able to retrieve mediastream when using UI via elastic ip.

[xwu2intel]

Have you opened UDP ports 10000-10010? For each office instance, there are 10 UDP ports allocated for webrtc streaming. So if you run 2 offices, the UDP port range is 10000-10020.

[xwu2intel]

Also, please make sure the HOSTIP variable in deployment/kubernetes/build.sh is correctly set to be your elastic IP.

[tarun28jain]

Hi,

We have made the suggested changes as follows

**build.sh**
#!/bin/bash -e

DIR=$(dirname $(readlink -f "$0"))
PLATFORM="${1:-Xeon}"
SCENARIO="${2:-traffic}"
NOFFICES="${3:-1}"
IFS="," read -r -a NCAMERAS <<< "${4:-5}"
IFS="," read -r -a NANALYTICS <<< "${5:-3}"
FRAMEWORK="${6:-gst}"
NETWORK="${7:-FP32}"
REGISTRY="$8"
#HOSTIP=$(ip route get 8.8.8.8 | awk '/ src /{split(substr($0,index($0," src ")),f);print f[2];exit}')
HOSTIP="x.x.x.x"

case "N$SCOPE" in
    N | Ncloud | Noffice*) ;;
    *)
        echo "Unsupported scope: $SCOPE"
        exit 1 ;;
esac
echo "HOSTIP: $HOSTIP"
echo "Generating templates with PLATFORM=${PLATFORM}, SCENARIO=${SCENARIO}, NOFFICES=${NOFFICES}"
find "${DIR}" -maxdepth 1 -name "*.yaml" -exec rm -rf "{}" \;
for template in $(find "${DIR}" -maxdepth 1 -name "*.yaml.m4" -print); do
    m4 -DREGISTRY_PREFIX=${REGISTRY} -DNOFFICES=${NOFFICES} -DSCENARIO=${SCENARIO} -DPLATFORM=${PLATFORM} -DNCAMERAS=${NCAMERAS[0]} -DNCAMERAS2=${NCAMERAS[1]:-${NCAMERAS[0]}} -DNCAMERAS3=${NCAMERAS[2]:-${NCAMERAS[1]:-${NCAMERAS[0]}}} -DNANALYTICS=${NANALYTICS[0]} -DNANALYTICS2=${NANALYTICS[1]:-${NANALYTICS[0]}} -DNANALYTICS3=${NANALYTICS[2]:-${NANALYTICS[1]:-${NANALYTICS[0]}}} -DFRAMEWORK=${FRAMEWORK} -DNETWORK_PREFERENCE=${NETWORK} -DUSERID=$(id -u) -DGROUPID=$(id -g) -DHOSTIP=${HOSTIP} -DBUILD_SCOPE=$SCOPE -DHA_CLOUD=${HA_CLOUD:-1} -DHA_OFFICE=${HA_OFFICE:-1} -DHA_SRS_OFFICE=${HA_SRS_OFFICE:-1} -I "${DIR}" "${template}" > "${template/.m4/}"
done


[root@controller build]# kubectl get po
NAME                                                 READY   STATUS    RESTARTS   AGE
cloud-gateway-54d88d85dc-tbm26                       1/1     Running   0          85s
cloud-storage-55bd76fb7-5jvkh                        1/1     Running   0          84s
cloud-web-f45476cbf-6xsmn                            1/1     Running   0          84s
db-0                                                 1/1     Running   0          74s
traffic-office1-alert-7d9cc75d8b-7x84z               1/1     Running   0          85s
traffic-office1-analytics-traffic-764d8959dc-qwhql   1/1     Running   0          85s
traffic-office1-camera-discovery-69b4cbcc55-mmtg6    1/1     Running   0          84s
traffic-office1-cameras-864d5cb5cc-9rlhx             1/1     Running   0          85s
traffic-office1-db-init-586bd8996f-wkcg4             1/1     Running   0          83s
traffic-office1-gateway-9c9f494dc-whnkm              1/1     Running   0          83s
traffic-office1-mqtt-658f9f4b54-v28b2                1/1     Running   0          84s
traffic-office1-mqtt2db-b7fc88d66-t4czd              1/1     Running   0          84s
traffic-office1-smart-upload-7687bb6cd8-vd968        1/1     Running   0          82s
traffic-office1-storage-5cdcb4995d-jdm87             1/1     Running   0          83s
traffic-office1-webrtc-7bdb4665d7-c6dnj              3/3     Running   0          83s



[root@controller build]# kubectl get svc
NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP    PORT(S)                                                                                               AGE
cloud-gateway-service               ClusterIP   10.110.225.54    <none>         8080/TCP                                                                                              102s
cloud-storage-service               ClusterIP   10.105.111.163   <none>         8080/TCP                                                                                              101s
cloud-web-service                   ClusterIP   10.102.255.221   x.x.x.x   443/TCP                                                                                               101s
db-service                          ClusterIP   None             <none>         9200/TCP                                                                                              102s
kubernetes                          ClusterIP   10.96.0.1        <none>         443/TCP                                                                                               33m
traffic-office1-cameras-service     ClusterIP   10.97.201.239    <none>         17000/TCP,17010/TCP,17020/TCP,17030/TCP,17040/TCP                                                     102s
traffic-office1-gateway-service     ClusterIP   10.100.18.75     <none>         8080/TCP                                                                                              100s
traffic-office1-mqtt-service        ClusterIP   10.110.113.89    <none>         1883/TCP                                                                                              101s
traffic-office1-storage-service     ClusterIP   10.104.93.93     <none>         8080/TCP                                                                                              100s
traffic-office1-webrtc-io-service   ClusterIP   10.102.166.89    x.x.x.x   10001/UDP,10002/UDP,10003/UDP,10004/UDP,10005/UDP,10006/UDP,10007/UDP,10008/UDP,10009/UDP,10010/UDP   100s
traffic-office1-webrtc-service      ClusterIP   10.104.223.118   <none>         8888/TCP                                                                                              100s


URL: https://x.x.x.x:443

[root@controller build]# ping x.x.x.x
PING x.x.x.x (x.x.x.x) 56(84) bytes of data.
64 bytes from x.x.x.x: icmp_seq=1 ttl=63 time=0.171 ms
64 bytes from x.x.x.x: icmp_seq=2 ttl=63 time=0.129 ms
^C
--- x.x.x.x ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.129/0.150/0.171/0.021 ms

We have opened all the ports for UDP transmission also.
But when we try accessing the UI over AWS Elastic IP, it is not loading.

[xwu2intel]

What's the symptom of not loading? Try curl -vvv https://xxxx and what's the output?

[tarun28jain]

Hi,

Output is as follows

[root@controller build]# curl -vvv https://x.x.x.x
* About to connect() to x.x.x.x port 443 (#0)
*   Trying x.x.x.x...
* Connection refused
* Failed connect to x.x.x.x:443; Connection refused
* Closing connection 0
curl: (7) Failed connect to x.x.x.x:443; Connection refused

Also firewall ports are enabled

[root@controller build]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens5
  sources:
  services: dhcpv6-client ssh
  ports: 179/tcp 9103/tcp 30500/tcp 30000-33000/tcp 6641/tcp 6642/tcp 6081/udp 3389/tcp 10250/tcp 10251/tcp 10252/tcp 10255/tcp 9739/tcp 6443/tcp 2379-2380/tcp 10250-10252/tcp 30553/tcp 443/tcp 10000-10100/udp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

We have also enabled all ports for tcp and udp on aws console security rules.

[xwu2intel]

Are you behind a firewall? If so, have you enabled proxy settings so that curl can go through the proxy?
Run sudo netstat -nlp | grep 443 on the Kubernetes master node. See if port 443 is listened on.
Try tcpdump on the 443 port. Run curl and see if you get a TCP request on the 443 port.
Right now, it seems that your 443 port does not get a request. The network is blocked.

[tarun28jain]

Hi,

443 port is not occupied on kubernetes master node.

Currently we are assigning external ip to our cloud-web service.
So would it bind with the host port as this elastic ip is not present on any interface of this vm?
I checked with private ip only and even it was not binding with host 443 port but this time i am able to access UI and live camera stream using private ip of the vm.

Also firewall is enabled on the system and i have enable ports on it as given in output above.
There is no proxy on this vm.

Please correct me if i am missing something.
Thanks for your help.

[xwu2intel]

Strange that you see no binding of port 443. But anyway, you have access to the UI right?
Then there must be some port forwarding happening from the elastic IP to the host. Then the app takes over.
I am not sure how this elastic IP to host IP works. Can you check if it is configurable? If so, you need to enable UDP port forwarding.

In the app, there are two places that are really critical to make the UI and WebRTC work:
Cloud Web UI IP address: https://github.com/OpenVisualCloud/Smart-City-Sample/blob/master/deployment/kubernetes/helm/templates/cloud-web.yaml#L19
WebRTC IP address: https://github.com/OpenVisualCloud/Smart-City-Sample/blob/master/deployment/kubernetes/helm/templates/office-webrtc.yaml#L111

The WebRTC IP address is responsible for the live camera streaming. This IP address should be your elastic IP.